Transfer of digital currency encryption keys through the process of issuance, validation and devaluation of physical medium with multi-factor authorization, and the physical medium of encryption keys for digital currency to conduct this transfer technology

ABSTRACT

A method of a transfer of the digital currency encryption keys through the process of issuance, validation and devaluation of physical medium with multi-factor authorization is disclosed. The medium is distributed on the market as blank and to which belongs a second authorization factor safely stored with the manufacturer or integrated into the medium in form of a tamper-evident box, is loaded by an issuer using a SW application for the medium issuance and based on a first authorization factor generated by the issuer, an identifier of the medium and other data an address is derived and passed to the issuer to which he sends the balance of the digital currency in an amount equivalent to the denomination of the medium. A physical medium of encryption keys for the digital currency is also disclosed.

RELATED PATENT APPLICATIONS

This patent application is a continuation of U.S. patent applicationSer. No. 15/752,983 filed on Feb. 15, 2018, which claims priority onInternational Application No. PCT/CZ2016/000094 filed on Aug. 19, 2016,which claims priority on Czech Republic patent application No. PV2015-562 filed on Aug. 20, 2015, the entire disclosures of which areincorporated herein by reference.

FIELD OF THE INVENTION

The present invention pertains to the field of digital currency andelectronic payment network based on cryptography and decentralizationsuch as Bitcoin, Litecoin etc. The invention relates to the methods andprocedures to transfer these financial instruments into the physicalworld and to create a corresponding physical embodiment of this paymentmeans in the form of a medium of encryption keys for digital currency.

BACKGROUND OF THE INVENTION

Since the establishment of Bitcoin digital cryptocurrency at the turn of2008/2009 there have been attempts to transfer this electronic currencyinto the physical world. The easiest and most common way is to create a“Paper Wallet” (FIG. 1). This is in fact the paper form backup of aprivate encryption key achieved by using commonly available officeequipment. The paper wallet contains a private encryption key in a forhumans readable text and usually also in a machine readable QR code, aBitcoin address (again, in text and QR code), and possibly a figureshowing the balance, or a box where the balance amount can be written.Everything is provided with additional wording, instructions and colourgraphics. The paper wallet contains no security features.

There are a number of web services/software programs for generatingpaper wallets (Lit. 1, 2, 3). The holder of a paper wallet reallycontrols the digital currency balance at a relevant address. The problemis that each paper wallet may have an unlimited number of copies,therefore a paper wallet, as a physical object, does not reflect thevalue of a digital currency balance. A paper wallet cannot serve forpayments either, because the recipient can never be sure whether thepayer keeps another copy. Thus, this is really just an instrument forthe backup of a private key, similarly to noting down a password forelectronic banking in pencil on paper. We neither share it with anyone,nor attempt to pay by it.

In 2011 Bitcoin Casascius coins (FIG. 3) and plastic Bitbills cards(FIG. 2) appeared on the market. Both products represent physicalobjects which contain an integrated private key covered with atamper-evident sticker. In 2013 Bitcoin certificates of Bitcoin SuisseAG then appeared (FIG. 4) having the private key glued between twolayers of synthetic paper. All three of these products suffer afundamental deficiency: the manufacturer knows the private keys of allproduced pieces of each payment instrument. Current holders aretherefore not in an exclusive position to control the digital currencyrepresented by physical objects; there is always a joint holder—themanufacturer. Although manufacturers pledge to have destroyed theprivate key information, or boast of high safety standards in productionproviding guarantees of no private key information leakage, this mattercannot be independently verified and there is always a certain risk thatthe backing of part or all of the produced units of a payment means willsooner or later be misappropriated by an initially honest manufacturer,which is equivalent to robbing own clients. The corresponding model offinancial control is shown in FIG. 6.

There are attempts to prevent this situation by specification BIP 38(Lit. 4), which allows to generate a private key protected by apassword. For a certain period (2012-2013), the manufacturer ofCasascius coins offered customers to order coins made in accordance withthis specification. The procedure was as follows: a customer generated apassword-protected private key and sent it to the Casasciusmanufacturer, who produced a coin for the customer with the protectedkey integrated in. The coin was then sent to the client-customer. Inthis model, the manufacturer was not given a chance to misappropriatethe funds because the only one who knew the password to the private keywas the customer. This model corresponds to the diagram drawn in FIG. 7.The coin holder does not have to worry about the misappropriation of thecorresponding digital currency backing. However, such coin cannot beused as a means of payment for a simple reason: The receiver would againnot become an exclusive holder since the first owner, who had orderedthe coin, knows both the private key and the password. The problem isthus not solved, merely shifted one step further in the chain of holders(see FIG. 8). Except for the first holder (Client), no other currentholder can exclusively control the backing by digital currency. Themanufacturers of objects based on BIP38 are aware of this fact, that iswhy they offer their products, rather than as a means of payment, for“offline storage” (cold storage), i.e. as a safe deposit of a digitalcryptocurrency balance in the physical form. For the time being, thereis no publicly known technical solution to produce and use physicalmeans of payment backed by digital currency in a way that a currentholder would have an exclusive control over the corresponding backing.Thus, a solution that would satisfy the substance of the diagrams inFIGS. 7 and 9.

SUMMARY OF THE INVENTION

The aforementioned disadvantages of existing physical representations ofdigital currency are eliminated by the transfer of digital currencyencryption keys through the process of issuance, validation anddevaluation of physical medium with multi-factor authorization. Thebasic idea of this transfer process is that an issuer, using a softwareapplication for medium issuance, loads a blank medium distributed on themarket, paired with the second authorization factor safely stored at themanufacturer or integrated into the medium in the form of atamper-evident box, and generates the first authorization factor. On thebasis of this first authorization factor, the medium identifier andother data he acquires the address where to send the digital currencybalance in the amount equivalent to the denomination of the medium.Having inspected all required formalities, in particular theauthenticity of the medium piece and the transferred sum of the digitalcurrency balance being equal to the denomination of the medium, adigital signature is issued on request through online service. Thesoftware application for medium issuance combines the digital signaturewith the first authorization factor and the issuer completes the mediumwith these data especially by print, hand-write or a sticker. That waythe medium becomes activated and passable to the next holder, evenrepeatedly. The recipient carries out a visual inspection and verifiesthe medium using a software application for medium verification,especially the amount of the digital currency balance. Then this SWapplication verifies the authenticity of the digital signature afterloading the first authorization factor and the digital signature, thefirst authorization factor is validated, and the recipient compares thedigitally signed data with the data visible on the medium. Then therecipient loads, using the software application for edemption of digitalcurrency, all authorization factors available on this new duly issuedphysical medium in active state, possibly adds other authorizationfactors known to him, and compiles and authorizes an electronictransaction in the given digital currency network to redeem funds in theelectronic form to the private address of the recipient. The result isthe transfer of encryption keys for digital currency through the processof issuance, validation and devaluation of physical medium withmulti-factor authorization, and thus effecting a payment transactionbetween the issuer and the final recipient in digital currency. Part ofthe result is also a visibly devaluated medium.

Preferably, the last recipient, who performs the redemption of digitalcurrency funds and the final devaluation of medium is its originalmanufacturer, who uses for the compilation and authorization of thetransaction in digital currency also other authorization factors notpresent on the medium and known only to him.

Preferably, the SW application for medium issuance, the SW applicationfor medium verification and the SW application for the redemption of thedigital currency funds are open-source applications, publicly accessibleon the Internet. At best, all these three SW applications arerepresented by a single software application.

The above drawbacks of current physical representations of digitalcurrencies are eliminated by the physical medium of encryption keys fordigital currency designed for successful transfer of digital currencyencryption keys whose base body is a flat plane object of any shape (inparticular a geometrical figure), made of compact materials (especiallyplastics, paper, metals and their alloys) with one of its major planesurfaces identified with the unique alphanumeric identifier 1 and whichcontains, depending on a particular model, applications of protectivefeatures against counterfeiting, with one or both major plane surfaceshaving also boxes for receiving the first authorization factor and thedigital signature. Preferably, the base body in the form of a flat planeobject has the shape of a square, rectangle or circle. Preferably, thebase body is shaped like standard credit cards, coins and banknotes.Preferably, the base body bears on either side information on thedenomination and currency unit. Preferably, the protective featuresagainst counterfeiting in case of embodiment in paper form are inparticular special security paper with watermarks or metallic strips,optically variable elements, very fine graphic elements calledguilloches, iris colour gradations, colours with UV or IR luminescence,chemically reagent colours, or inaccessible printing methods.

Preferably, the protective features against counterfeiting in case ofembodiment in plastic cards are mainly holograms.

Preferably, the protective features against counterfeiting in case ofembodiment in metal coins are diffractive security elements (kinegrams)or electronic RFID chips.

Preferably, the unique alphanumeric identifier 1 is turned into asecured element, i.e. recoated with iridescent varnish, punched or anoptically variable element.

Preferably, there is only one single box used for filling in both thefirst authorization factor and the digital signature.

Preferably, either of the major plane surfaces bears another boxcontaining the second authorization factor in a tamper-evident mode.

The proposed technology to transfer digital currency encryption keysthrough the process of issuance, validation and devaluation of physicalmedium with multi-factor authorization and the physical medium ofencryption keys for digital currency to conduct this technology sharethe following key advantages:

1. This physical form of digital currency is very difficult tocounterfeit.

2. A current holder is in an exclusive position to control the digitalcurrency used for backing a certain medium. In other words, none of theprevious holders nor the manufacturer can misappropriate the backing.

3. The backing (issuance) of physical medium is easily feasible usingcommonly available office and computer equipment and an internetconnection.

4. The verification of physical medium is easily feasible using commonlyavailable mobile computer equipment and pre-installed software, evenwith no internet connection.

5. In case a physical medium contains also the second authorizationfactor in a tamper-evident mode, anyone may cancel the backing andredeem the funds using commonly available (mobile) computer equipmentand internet access, but devaluation/evident damage to the medium willoccur at the same time.

Compared to current physical products aimed at preserving the balance ofdigital currencies, the invention means a major qualitative leapforward, mainly due to points 2 and 4. When compared with currentlyavailable means of payment as the products of banks and states(banknotes, coins, cheques), the submitted invention also brings afundamental innovation. Commonly available means of payment are based ondirect trust (FIG. 5), and if confidence in their manufacturers fades,the payment instruments immediately lose their function and value. Theholder cannot directly (factually) control the relevant backing of acertain payment instrument. The holder's and the manufacturer'spositions are not equal, therefore in case of bankruptcy of themanufacturer or a monetary reform, the holder usually loses the wholevalue represented by these substitutes.

The invention of physical media of encryption keys for digital currencygives a birth to a means of payment which preserves its value regardlessof the economic situation of the manufacturer. In case physical mediacontaining also the second authorization factor in a tamper-evidentmode, neither bankruptcy nor possible liquidation of the manufacturerhave effect on the value of issued media.

The invented physical medium of encryption keys for digital currencybears, unlike the mentioned money substitutes, its intrinsic valueequivalent to the balance in the digital currency. This intrinsic valueis similar as if the means of payment were directly precious metals(gold, silver). Such tenders, usually coins, also have their intrinsicvalue which is independent of the entity of manufacturer.

The present invention allows to perform the metamorphosis between theelectronic and physical form of money in the comfort of home and withoutan intermediary (bank). Having the necessary amount of unbacked piecesof the described media, common office and computer equipment and aninternet connection is sufficient to change the electronic to thephysical representation of currency. In case of physical media with thesecond authorization factor 5A in a tamper-evident mode, a change in theopposite direction is also possible, without an intermediary and withonly an internet connection and a smart mobile phone or tablet.

In summary, the absolute advantage of this invention is the possibilityto create a physical medium of encryption keys for digital currency anduse it to perform the transfer of the digital currency encryption keysthrough the process of issuance, validation, and devaluation of thephysical medium, while a current holder has an exclusive control overthe backing of the digital currency.

LEGEND TO ATTACHED FIGURES (DRAWINGS OF THE INVENTION)

FIG. 1 Paper Wallet

FIG. 2 BitBills

FIG. 3 Casascius coins

FIG. 4 Bitcoin Certificates

FIG. 5 Indirect control of backing

FIG. 6 Non-exclusive control of backing

FIG. 7 Exclusive control of backing

FIG. 8 Holders vs. joint holders

FIG. 9 Exclusive control of current holder

FIG. 10 The mere creation of physical representation

FIG. 11 Transition between the electronic and physical representation

FIG. 12 The shapes of encryption keys media

FIG. 13 Coin—the obverse

FIG. 14 Coin—the reverse

FIG. 15 Banknote

FIG. 16 Plastic card

FIG. 17 The life cycle of medium of encryption keys for digital currency

FIG. 18 The procedure of issuance of medium of encryption keys

FIG. 19 The procedure of validation of medium of encryption keys

FIG. 20 The procedure of devaluation of medium of encryption keys

EXAMPLES OF THE INVENTION DEFINITIONS OF BASIC TERMS

In order to describe and explain the use of physical media withencryption keys for digital currency it is necessary to first define orclarify certain terms.

Bitcoin is a digital currency and payment network, sometimes alsoreferred to as virtual currency, or more accurately as cryptocurrency.It works on the basis of a decentralized P2P network of computerprograms with a distributed data structure known as blockchain and usesasymmetric cryptography to authorize transactions.

Digital (crypto) currencies in this text refer to the whole family ofsystems such as Bitcoin. Thus, all currencies and payment networksoperating like Bitcoin, currencies and payment networks derivedtherefrom, and currencies and payment networks based on the sameprinciples, e.g. Litecoin, DogeCoin, PrimeCoin and many others.

Payment means—unless otherwise specified, it is a physical objectpresent in the real world, serving to hold and transfer a certain valueat the payment system. It may be marked with a denomination and currencyunit. Typical payment means in the context of this document are coins,banknotes, cheques, or the described invention itself.

Physical payment—an act in which two entities transfer a tangible meansof payment of a certain denomination, e.g. a payment with a banknote ina shop.

Physical medium of encryption keys for digital currency is an objectconnected with a certain financial balance in the payment network of agiven digital currency. It is usually fully legitimate only withguarantees of being the only existing instrument to control theappropriate balance, i.e. there are no more copies of this object withthe same serial number.

Address of digital currency is an equivalent to the bank account numberin the conventional financial system.

Public and private encryption keys are two pieces of information whichenable to perform asymmetric cryptography.

Tamper-evident is the designation for a general quality and a family oftechnologies which are able to detect penetration into a protectedenvironment. Their aim is not to prevent the penetration, but toreliably detect it, e.g. seals on letters, seals used by the police forsecuring the doors of real estates, seals used by electronicsmanufacturers to detect unauthorized interference with the device,scratch-off tickets, etc.

Manufacturer of physical medium of encryption keys for digital currencyis an entity which launches the medium on the market under ownname/brand. It may be a company, a bank or a state institution.

Issuer is a user/holder who uses an unbacked physical medium ofencryption keys and issues it; similarly to the issuance of cheques.

Life cycle of a means of payment

The transfer of digital currency encryption keys through the process ofissuance, validation and devaluation of physical medium with amulti-factor authorization may be demonstrated on the example of thelifecycle of a means of payment in the form of a physical medium ofencryption keys for digital currency. The described means of payment isdistributed blank (unbacked) on the market. This state is visible atfirst glance, since box 2 for the first authorization factor 2A and box3 for the digital signature 3A are blank, and possibly box 5 for thesecond authorization factor 5A intact. In this condition, the value ofsuch medium is only its sales price, which can be proportional comparedto the denomination stated. The best metaphor for this state iscomparison to an unfilled cheque.

A customer can issue a payment instrument, i.e. to back it with balancein digital currency. See the section Issuance of Physical Medium ofEncryption Keys. At that moment the medium gains the value correspondingto its denomination. Since the information on the first authorizationfactor 2A and the digital signature 3A is added, the medium is nowdistinguishable from its previous blank condition at first sight.

A backed medium can be used for payments, which requires the recipientto verify its authenticity and backing. See the section Verification ofPhysical Medium of Encryption Keys.

A medium may be used for payments repeatedly. There is no modificationundergoing. A holder who wishes to release the backing funds andcontinue to use them only electronically can devaluate the medium. Thisprocess is described in the section Devaluation of Physical Medium ofEncryption Keys. That way the life cycle of a medium is by the end. Inthis sense, it is disposable with no functional recycling possible.Depending on the material used, it can be ecologically disposed of. Thelife cycle is illustrated in the state diagram in FIG. 17.

Necessary Software Infrastructure

To transfer a blank (unbacked) to a backed medium, to verify a mediumand to transfer a backed to a devaluated medium (more precisely, toredeem the backing of a devaluated medium of encryption keys for digitalcurrency), the following auxiliary software infrastructure is needed:

a) SW application for the issuance of physical medium of encryptionkeys. It helps customers create the first authorization factor 2A,combine it with a medium identifier and possibly other data in order toacquire the final address to which the digital currency balance will bedeposited with the intention to back a specific physical medium ofencryption keys for digital currency. The application also communicateswith the online service for the issuance of digital signatures 3A andfinally it prepares the groundwork for a suitable embodiment of thefirst authorization factor 2A and the digital signature 3A (e.g. itcompiles data to be printed on medium).

b) Online service for the issuance of digital signatures 3A.

The manufacturer of media of encryption keys provides a public internetservice for the issuance of digital signatures 3A. During the process ofthe medium issuance, the customer automatically communicates with thisonline service and after the verification of all formalities(authenticity of a physical medium of encryption keys with a specificidentifier, the actual amount of backing, etc.), the manufacturerproduces the digital signature 3A and sends it via the internet networkto the customer.

c) SW application for the verification of physical medium of encryptionkeys.

It helps the payee verify the authenticity of a physical medium ofencryption keys for digital currency as well as proper backing by acorresponding balance of digital currency. It may be designed e.g. formobile devices (such as a phone or tablet) equipped with a camera, orfor the payment terminals of merchants equipped with a barcode reader,etc. It serves for the facilitation of machine loading and an analysisof relevant information from a specific physical medium of encryptionkeys at the moment of payment.

d) SW application for the redemption of digital currency funds.

It is used to load the first and, if available, also the secondauthorization factor 5A on a devaluated medium and to compile a specificelectronic transaction in a given digital currency network in order toredeem the funds to the private address of holder. The only task is toassist and facilitate the currency change from the physical back to theelectronic form.

Distribution of SW Equipment

There is an assumption that the manufacturer of physical media ofencryption keys will release an application for the issuance, anapplication for the verification and an application for the redemptionof funds in the open-source mode, publically accessible on the internet,in order to achieve greater transparency of the entire system and toreceive possible feedback from software experts.

It can be further assumed that a publicly independent implementation ofthis functionality may appear from a third party in order to diversifythe software infrastructure. This fact will not jeopardize theinvention, on the contrary, it can strengthen the robustness of theentire system.

The software infrastructure is not subject to protection of industrialproperty and contains no substantial inventiveness. It mainly serves toautomate and facilitate operations with physical media of encryptionkeys—mostly it performs routine and well-documented computing operationssuch as issuance of digital signature, verification of digital signature3A, communication with the P2P network of digital currency, etc.

Technology of Two-factor Authorization

There are multiple technologies to be used. Either the private key isdivided into several parts, or it is generated from more pieces ofinformation (see the Shamir Secret Sharing Scheme (Lit. 8)), orso-called multisig and/or P2SH transaction (Lit. 9) is used, whichrequires the knowledge of two or more private keys to control thebalance of digital currency.

It is to mention that the cryptographic security of the entire solutionis not dependent on the quality of the first authorization factor 2Agenerated by the issuer. On condition that the manufacturer guaranteesthe cryptographic strength of the second authorization factor 5A as wellas the uniqueness of the second authorization factor 5A for eachvaluable item, and provided that the concatenation of these two factors2A, 5A will be defined in only one possible way, then even if the issuerapplies the same first authorization factor 2A for more pieces ofpayment means, or if he uses cryptographically weak information with lowentropy, it will not endanger the security of the technology in terms ofa potential attack by a third party.

Technology of Digital Signature

The specific digital signature scheme 3A is not essential for theembodiment of the invention. It appears desirable to use the digitalsignature 3A based on asymmetric cryptography and so-called Public KeyInfrastructure (PKI). The particular algorithms may be e.g. DSA, ECDSA.

Issuance of Physical Medium of Encryption Keys

The procedure is shown in FIG. 18. A customer-issuer must have a blank(unbacked) medium of encryption keys, computer equipment with internetaccess and a software application for issuance. Using this SW hegenerates, or loads from another source, the first authorization factor.Then he loads the identifier from the physical medium of encryption keysfor digital currency and possibly also other auxiliary informationnecessary for the compilation of the address for backing. Theapplication derives the address of backing and communicates it to theissuer. Subsequently, he sends to this address the corresponding amountof backing (equal to the denomination of the payment instrument). Then,using the application for issuance, he asks the online service of themanufacturer for the digital signature 3A. If all formalities are met(it is an authentic means of payment, the amount sent for backingcorresponds to the denomination, etc.), the digital signature 3A isgenerated. The application for issuance then suitably combines it withthe first authorization factor 2A and produces a format to facilitatethe issuer a suitable completion of the medium, e.g. print version. Oncethe necessary information is filled in on the medium, the process ofissuance is by the end, and there is a new duly backed physical mediumof encryption keys. If desired, the issuer may verify it (see below). Atthis point the issuer cannot control the funds used for backing unlessthe medium is devaluated (see below). The same funds cannot be used forbacking another medium or another payment in digital form. The funds aretightly bound to a specific medium whose current holder is in anexclusive position to control the relevant backing in digital currency.

Verification of Physical Medium of Encryption Keys

The procedure of verification is shown in FIG. 19. The verifier (usuallythe recipient of a physical medium of encryption keys) uses a softwareapplication for verification, which can be freely downloaded on theinternet. However, at the time of verification, regardless of the numberof verified media, there is no need to be on-line any more. First, theverifier visually checks the medium to see if it is backed (i.e. if thebox for the first authorization factor 2A and the box 3 for the digitalsignature 3A are not blank). An apparently blank, unbacked medium shouldbe rejected as a payment means straightaway. To complete the visualinspection, security features should be also checked depending on theparticular embodiment of the invention, e.g. in case of paper form thewatermark, hologram, etc. Then the verifier starts the softwareapplication, loads the first authorization factor 2A and the digitalsignature 3A from the medium, and the application verifies whether thedigital signature 3A is genuine and to which medium and denomination itrelates. The verifier visually checks if the medium in his hands ismarked with a correct denomination and equipped with an appropriateidentifier, and in case of conformity, he accepts the medium. If hefinds out any difference in the identifier or denomination, he refusesto accept the medium for payment.

Part of the inspection with the use of the software application is thevalidation of the first authorization factor 2A. If the medium containsa faulty, damaged or totally inadequate first authorization factor 2A,the application notifies the verifier of this fact and the verificationends with a negative result.

Devaluation of Physical Medium of Encryption Keys

The procedure of devaluation is shown in FIG. 20. At this point we meandevaluation with the intention of transferring the corresponding backingback into the electronic form. Of course, there are many possibilitiesto destroy the payment instrument depending on the material used, e.g.by heat, chemical solvents, etc. However, its mere physical destructionwithout prior loading of the first 2A and possibly the second 5Aauthorization factor, would cause a complete irreversible destruction ofthe corresponding digital currency units (similarly to burning a validbanknote). We expect most users to be driven by rational motives andcarry out the destruction in order to obtain the digital currency used.

The user loads the first authorization factor 2A. In case there is alsothe second authorization factor 5A in a tamper-evident mode, he removesthe tamper-evident protection so as to get the information about thesecond authorization factor 5A. In reality it may be scratching off abox, peeling off a destructive sticker, breaking or tearing the body ofthe payment means, etc. Then the user redeems the funds to his privateaddress using a software application.

Construction Nature of the Proposed Technology of Physical Medium Firstto be introduced in the text and attached figures is the basic elementof the transfer of encryption keys for digital currency through theprocess of issuance, validation and devaluation of physical medium withmulti-factor authorization, thus the construction of a physical mediumof encryption keys for digital currency. It is made of a flat plane basebody of any shape (in particular a geometrical figure), and compactmaterials (especially plastics, paper, metals and their alloys) with oneof its major plane surfaces identified with the unique alphanumericidentifier 1. This physical medium of encryption keys for digitalcurrency contains, depending on a particular model, applications ofprotective features against counterfeiting, with one or both major planesurfaces having box 2 for receiving the first authorization factor 2Abox 3 for adding the digital signature 3A, and, if the case, also box 5for the second authorization factor 5A in a temper-evident mode. Thebase body, a flat plane object, is preferably in the shape of a square,rectangle or circle, or in the shape of a standard credit card, coin orbanknote. On either side it provides information on the denomination andcurrency unit.

Physical media of encryption keys embodied in paper form bearapplications with protective features against counterfeiting, inparticular special security paper with watermarks and/or metallicstrips, optically variable elements, very fine graphics calledguilloches, iris colour gradations, colours with UV or IR luminescence,chemically reagent colours, or inaccessible printing methods.

In case of embodiment in plastic cards, the protective features againstcounterfeiting are mainly holograms, and in case of embodiment in metalcoins the protective features against counterfeiting are preferablydiffractive security elements (kinegrams) or electronic RFID chips. Theunique alphanumeric identifier 1 is turned into a secured element, i.e.in particular recoated with iridescent varnish, punched or an opticallyvariable element.

One of the solutions brings box 2 for the first authorization factor 2Aand box 3 for the digital signature 3A in one shared box.

The technology of physical medium of encryption keys for digitalcurrency is based on the following building blocks: security printingfeatures, multi-factor authorization, digital signature and possiblyalso tamper-evident features.

The present invention is a physical object which is protected againstcounterfeiting with security features and identified by the uniquealphanumeric identifier 1. At once, it contains box 2 for receiving thefirst authorization factor 2A, which makes, after a proper issuance ofthe medium, at most half of the amount of information necessary for thecontrol of the digital backing. The object further contains box 3 foradding the digital signature 3A. These two pieces of information are tobe provided by the customer, along with the funds in digital currencyneeded to back the medium. It is also preferable if the physical mediumof encryption keys contains box 5 with the second authorization factor5A protected by a security feature of tamper-evident nature, in otherwords readable only with an evident devaluation/damage of the wholeobject.

Detailed Description of the Medium

Dimensions, weight, material and shape: the embodiment of the medium ofencryption keys for digital currency may theoretically be of any size,however, to make its use in physical payment transactions betweenindividuals practical and comfortable, presumably the size of eachsingle piece should range from units to tens of centimetres, with itsvolume minimized for the reason of space-saving storage.

Similarly, the medium weight should not exceed several units of grams asmanipulation with much more massive media of encryption keys wouldcertainly lead to a reduction in payment ergonomics. Theoretically, amedium of any weight may be produced though. The medium material is notprecisely given either. It is desirable to use a material which providesdurability, reasonable wear resistance, and acceptable production costseven in large quantity batches, typically paper, plastic or metal.Neither the shape of the present invention is specified, preferably itshould be a plane (flat) shape.

Dimensions, weight, material and shape are not essential for theembodiment of the invention, but they must not impede the use ofbefore-mentioned key elements, which the physical medium of encryptionkeys must contain.

In this text we work with three possible physical embodiments, in theirsize, weight, material and shape most closely resembling the currentwell-established means of payment, i.e. a coin, a bill and a plasticcard (FIG. 12). However, it is to be pointed out again that possibleembodiments of the present invention are not limited to these threeoptions, and theoretically entirely different combinations of materials,weights, sizes and shapes can be produced.

Protection against Counterfeiting and Forgery

The medium of encryption keys must ultimately hamper any attempts atforgery. In case of a paper/polymer embodiment, security print is to beused, i.e. technologies leading to the production and application of avariety of security features typical in the banknote production. Theseinvolve e.g. special security paper with watermarks and/or metallicstrips, so-called optically variable elements (“holograms”, iridescentvarnish, special colours), commonly inaccessible printing methods suchas gravure or highly accurate offset printing, very fine geometricgraphic elements called guilloches, iris colour gradations, colours withUV or IR luminescence, thermochromic or chemically reagent colours, etc.There are many protective features and production technologies, andtheir particular selection depends on the choice and productionpossibilities of the manufacturer of payment means.

Plastic cards can also be equipped with optically variable elements(“holograms”), printed in special colours, embossed, etc.

Metal coins can be equipped with an optically variable element KINEGRAM(Lit. 5), or an electronic RFID chip (Lit. 6).

Distinguishability and Uniqueness

Each single medium must be marked with the unique alphanumericidentifier 1. The uniqueness is secured by the manufacturer who selectsa suitable set of identifiers, which need not form a continuous series,on the contrary, it appears preferable to use sufficiently long chainslooking random at first glance. For example:

4DaFvf3RumoW67B2rXAMdx72VycebHksU

KgtbGgaX2ngstNpvyv7LwpHSweVeqGbpM

NH9od4H3XQupviN8pRGQ6uteVm1qd9KF4, etc.

Such identifiers, if of sufficient length, and thus of sufficientlylarge combinatorial space, basically eliminate the chance of a potentialforger to guess them and to produce forgeries of unavailable pieces. Theauthentication (see below) includes an automated inspection ofidentifier, i.e. a forgery with a non-compliant, e.g. invented,identifier would be immediately detected.

Examples of the use of alphanumeric identifiers 1 are given in FIGS. 13,15 and 16.

Protection against Modifications of Identifier

With respect to the nature of the invention, when the free market offersboth unbacked (blank) and duly backed media, i.e. not every medium bearsalways the value corresponding to the indicated denomination, it isnecessary to ultimately hamper any efforts to modify the identifier inorder to avoid counterfeiting by turning an unbacked piece into a backedone. The following example demonstrates that if an identifier were inform of an ordinary number of a continuous series printed in aconventional technology, a forger would need to get only two originalunbacked pieces with consecutive identification numbers. After properlybacking one with digital currency, i.e. issuing a valid medium ofencryption keys, he would then modify the second piece so that theidentifier was identical with the first one and transfer there alsoother key elements (see below). That way he would receive a verysuccessful fake. In case of the numerical identifier of a continuousseries it is in fact sufficient to alter one (the last) digit of eitherof two consecutive numbers. On the contrary, with the use of longalphanumeric identifiers 1 of a discontinuous series, as outlined above,a forger would have to alter a lot of characters, often the entirechain. Additionally, if the identifier is turned into a protectedfeature, e.g. recoated with iridescent varnish, typeset, punched, oroptically variable, then any efforts of a potential forger to modify theidentifier become much more difficult and there will be no chance tocarry out an attack on the valuable means by the identifiermodification.

Box 2 for the First Authorization Factor 2A

On a medium of encryption keys for digital currency, there is a clearlyvisible box 2 to fill in the first authorization factor 2A, i.e. thefirst part of information which is needed to control the amount ofdigital currency used to back up the medium. It is not important whichway the first authorization factor 2A is added: it may be printed on themedium, glued, hand-written, engraved, punched, laser burned, cut, etc.

The first authorization factor 2A need not be protected by securityfeatures, it must only be readable and reasonably durable and resistantfor the purpose of physical payments. Box 2 to fill in the firstauthorization factor 2A therefore does not require any specialtechnology. The element is shown in FIGS. 14, 15 and 16.

Box 3 for Digital Signature 3A

On the medium of encryption keys for digital currency, there is aclearly visible box 3 to fill in the digital signature 3A. It is notimportant which way the digital signature 3A is added: it may be printedon the medium, glued, hand-written, engraved, punched, laser burned,cut, etc.

The digital signature 3A need not be protected by security features, itmust only be readable and reasonably durable and resistant for thepurpose of physical payments. Box 3 to fill in the digital signature 3Atherefore does not require any special technology. Digital signature 3Aat this point means a physical representation of data generated by thedigital signature technology. The data can be represented in binary,octal, decimal, hexadecimal or other suitable system and form analphanumeric chain readable with the naked eye or machine-readablegraphics (bar code, QR code), or both together. Under certaincircumstances, it may be practical to combine the first authorizationfactor 2A and the digital signature 3A in a single box, and so simplifythe process of medium issuance and verification. Thus, this version ofthe medium of encryption keys has only one box to fill in both pieces ofinformation at once as shown in FIGS. 14 and 16.

Second Authorization Factor 5A

The second piece of information protecting the digital currency backingis provided by the manufacturer of medium and called the secondauthentication factor 5A. Depending on whether the second authorizationfactor 5A is integrated in the medium, there are two different forms ofembodiment.

a) Preferably, the second authorization factor 5A is incorporated intomedium in form of a protected tamper-evident box to reliably detectpenetration, which in this case happens by merely reading the secondauthorization factor. Therefore there is an aim to add the secondauthorization factor 5A to medium in such a way that once read, therewill be a visible (evident) change of the element, or the entire medium,in the sense that at first glance it will appear devaluated. An examplemight be scratch-off tickets or destructive stickers used by bankcorporations to send PINs to payment cards by post. Optionally, thesecond authorization factor 5A may be encapsulated inside the body of ameans of payment so that it is necessary to disassemble/split the meansinto two parts to read it. This approach is used in Lit. 7. It isimportant that the process of modification be irreversible and reliable,i.e. not circumvented and the information obtained without an evidentmodification/devaluation of medium at the same time, not even bysophisticated physical or chemical technologies.

If a medium of encryption keys for digital currency contains the secondauthorization factor 5A in form of a tamper-evident box, there is noneed of an intermediary for a reverse change of the currency from thephysical to the electronic representation, and the last holder canredeem the funds used to back up the medium using only a “smart” mobilephone or tablet with the relevant SW equipment and an internetconnection. At the same time, this solution option is both technicallyand financially more demanding for media manufacturers.

b) Simpler as well as cheaper to produce may be the solution optionwhere the second authorization factor is not integrated into the mediumof encryption keys, but the whole time it is known only to the mediummanufacturer. At the same time, however, the manufacturer becomes theonly entity who is able to change the physical representation of digitalcurrency (a medium of encryption keys) back to an electronicrepresentation, i.e. to redeem backing. This in fact means that if acurrent holder of a duly issued (backed) medium decides to change therepresentation of the physical currency back to the electronic form, hemust deliver the medium back to the manufacturer to receive the relevantfunds. At the same time the manufacturer has to guarantee that thewithdrawn medium will undergo a definitive destruction.

The need to return the medium back to the manufacturer in order tocancel the backing makes this model logistically and procedurallychallenging, and at once the manufacturer becomes the central point forpotential attacks by counterfeiters, however, this model eliminates thecosts of tamper-evident technologies, which can make the production ofphysical media of encryption keys significantly cheaper.

Denomination The medium of encryption keys for digital currency in abacked state should always contain a clearly readable information 4about the denomination and currency unit, or the name of the currencyitself.

The medium may already be produced with this information and marketed inseveral different denominations, or the choice of the nominal value maystay with the issuer (similarly to cheques). In that case the mediummust offer an adequate box to fill in this information (FIG. 16).

Layout of Elements

Within the medium of encryption keys for digital currency, the elementsare distributed in accordance with the ergonomics of use, while takinginto account in particular the procedure of medium verification, whichis supposed the be the most common activity carried out with a medium.Secondarily, the procedures of issuance and devaluation are also takeninto consideration. However, theoretically, the particular layout of theelements is not important as the core of the present invention is notaffected, e.g. a paper embodiment (FIG. 15) does not need to have allelements placed on the obverse side, but both the boxes for print may bemoved to the reverse side. There is a whole range of possiblemodifications.

The Summary of Innovation

The nature of the physical medium of encryption keys and the transfer ofthe digital currency encryption keys through the process of issuance,validation and devaluation of physical medium with multi-factorauthorization

The proposed medium of encryption keys for digital currency is of thefollowing nature:

1. This physical representation of digital currency is very difficult tocounterfeit.

2. A current holder is in an exclusive position to control the digitalcurrency used for backing a given medium. In other words, none of theprevious holders nor the manufacturer can misappropriate the backing.

3. The backing (issuance) of physical medium is easily feasible usingcommonly available office and computer equipment and an internetconnection.

4. The verification of physical medium is easily feasible using commonlyavailable mobile computer equipment and pre-installed software, evenwith no internet connection.

5. In case a physical medium contains also the second authorizationfactor in a tamper-evident mode, anyone may cancel the backing andredeem the funds using commonly available (mobile) computer equipmentand internet access, but devaluation/evident damage to the medium willoccur at the same time.

Compared to current physical products aimed at preserving the balance ofdigital currencies, the invention means a major qualitative leapforward, mainly due to points 2 and 4 of this chapter.

When compared with currently available means of payment as the productsof banks and states (banknotes, coins, cheques), the present inventionalso brings a fundamental innovation. Commonly available means ofpayment are based on direct trust (FIG. 5), and if confidence in theirmanufacturers fades, the payment instruments immediately lose theirfunction and value. A holder cannot directly (factually) control therelevant backing of a given payment instrument. The holder's and themanufacturer's positions are not equal, therefore in case of bankruptcyof the manufacturer or a monetary reform, the holder usually loses thewhole value represented by these substitutes.

On the contrary, the present technical solution gives a birth to a meansof payment which preserves its value regardless of the economicsituation of the manufacturer. In case physical media contain also thesecond authorization factor in a tamper-evident mode, neither bankruptcynor possible liquidation of the manufacturer may affect the value ofissued media of encryption keys for digital currency as paymentinstruments. They are still used to store the value and facilitatepayments.

This medium of encryption keys for digital currency bears, unlike thementioned money substitutes, its intrinsic value equivalent to thebalance in the digital currency. This intrinsic value is similar as ifthe means of payment were directly precious metals (gold, silver). Suchtenders, usually coins, also have their intrinsic values which areindependent of the entity of manufacturer.

The medium of encryption keys for digital currency used as a means ofpayment retains the advantages identical to conventional modern physicalmeans of payment—low weight and small size. Banknotes were introduced,among other reasons, for the manipulation with large amounts of physicalgold seemed impractical. Likewise, the invented medium of cryptographickeys represents a tool which should facilitate payments to people forwhom the manipulation with digital currency in its native electronicform is impractical. At the same time, however, it retains its intrinsicvalue, so it is not a substitute, but rather a physical “envelope” foran electronic currency.

The present invention may be viewed as an instrument for themetamorphosis of digital currency from the electronic to the physicalworld and back (FIG. 11), with an important fact that once the currencyis transferred into the physical world, there is no longer anyone whocan use it in the original electronic world. This way can be describedthe aforementioned principle of the exclusive control of a currentholder. Current physical products concerning digital currencies namelyuse the diagram in FIG. 6, i.e. there are two entities to control themeans of payment at the time of its issuance, the manufacturer and theholder. Therefore, any time in the future, the situation shown in FIG.10 may occur, i.e. the “electronic holder” continues to use thefinancial resources and the “physical holder” finds out, when trying todevalue the object and transfer the backing back into the electronicenvironment, that he is no more the current holder, and that he had beenrobbed.

The metamorphosis between the electronic and physical representation ofmoney is regularly performed when taking cash to the bank/ATM anddepositing it on the account or, conversely, when withdrawing money froman account in a bank/ATM and taking it home as cash.

The present invention enables to perform this metamorphosis in thecomfort of home and without an intermediary (bank). With the necessaryamount of unbacked pieces of the described media of encryption keys fordigital currency, and by means of common office and computer equipmentand an internet connection, the electronic representation of currencycan be changed into the physical one. In case of physical media with thesecond authorization factor 5A in a tamper-evident mode, a change in theopposite direction is also possible, with only an internet connectionand a smart mobile phone or tablet. At the same time, the presentedinvention does not lack the secondary function of a safe offline storageof digital currency, i.e. it can replace paper wallets and other formsof private keys backups. Thus, even if it is not used in the paymentsystem, it retains its function as a store of value.

Solution Options

(1) Physical media of encryption keys for digital currency may miss thepart of digital signature 3A, namely in a situation when only therecipient of the payment instrument has an Internet connection, not thepayer, e.g. while shopping in a brick-and-mortar shop. The recipient canown a terminal connected to the Internet and use it to directly verifythe backing of individual pieces of a means of payment.

(2) Under certain circumstances it may be preferable to leave the secondauthorization factor with the manufacturer, yet to integrate a secrettamper-evident “password” into the medium, which will remotely provethat the communicating party is the beneficial holder of the paymentinstrument. This modification thus requires the cooperation of themanufacturer even at the redemption of backing, but it may take place ata distance without a physical contact of the manufacturer with the meansof payment. There are a few motivations to go for this option, e.g. toreduce the volume of protected information in a tamper-evident mode incase the production costs and/or vulnerability rise with the volume ofprotected information and the entire cryptographically strong secondauthorization factor would be difficult to integrate.

3) Issued means may theoretically be backed by a third party as well.During the issuance process the issuing entity must inform this thirdparty about the address to deposit the funds and then gain theidentifier of this transaction. The backing may also be provided by themanufacturer because in certain cases it can accelerate the process ofissuance, more precisely the process of generating the digital signature3A. This modification is based on the presumption that the issuer hadpreviously deposited a certain amount of money by the manufacturer,which is then withdrawn by the issuance of means of payment, i.e. acertain form of pre-deposited funds.

(4) The protection against counterfeiting media of encryption keys fordigital currency could theoretically be significantly improved by usinga technology called Physical Unclonable Function (PUF), which iscurrently the collective name for technologies used to produce an objectwhich cannot be copied, duplicated, or functionally forged (Lit. 10, 11,12, 13) even by means of the most advanced physical and chemicaltechnologies. Unique qualities are achieved by producing an electronicdevice with unique electromagnetic qualities which stem from thearrangement of molecules and atoms, and therefore it is technicallyimpossible to make an identical copy. In reality, it would mean to equipthe medium of encryption keys for digital currency with an electronicchip with PUF implementation, and so replace the unique alphanumericidentifier 1 described in the previous text. For this option would benatural to use the electronic form also for the completion of the firstauthorization factor 2A and the digital signature 3A by the issuer, i.e.a rewritable memory chip could be integrated. Higher protection of thepayment means against counterfeiting would be compensated by higherdemands on the equipment of the verifier because he would have to usemore advanced equipment to communicate with the electronics built intothe medium of encryption keys for digital currency. The resultingproduct would therefore not be so universally applicable. At the sametime, a number of other issues and problems related to theimplementation would arise since the area of contact and contactlesspayment cards equipped with a chip is known for a high amount ofpotential attacks and vulnerability.

INDUSTRIAL APPLICABILITY

The transfer of digital currency encryption keys through the process ofissuance, validation and devaluation of physical medium withmulti-factor authorization and the physical medium of encryption keysfor digital currency to conduct this transfer technology are applicablein the area of preservation and transfer of values in the paymentsystem.

The Literature used in Text and other Sources of Information

Lit. 1. Bitaddress. [Online] https://www.bitaddress.org.

Lit. 2. BitcoinPaperwallet.com. [Online]https://bitcoinpaperwallet.com/.

Lit. 3. Wallet Generator. [Online] https://walletgenerator.net.

Lit. 4. BIP 38: Passphrase-protected private key. [Online]https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki.

Lit. 5. OVD Kinegram AG. [Online] http://www.kinegram.com/.

Lit. 6. Soheil Hamedani, Gregor Innitzer. Coin having integrated rfididentification device and method for the production thereof. US20120055996 3 8, 2012.

Lit. 7. Swiss Bitcoin Certificates. [Online]https://www.bitcoinsuisse.ch/en/about-certificates/.

Lit. 8. Shamir, Adi. How to share a secret. Communications of the ACM.1979, Vol. 22.

Lit. 9. BIP 16: Pay to Script Hash. [Online]https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki.

Lit. 10. Christoph, Böhm a Maximilian, Hofer. Physical UnclonableFunctions in Theory and Practice. Place unknown: Springer, 2012.

Lit. 11. Pappu, R., at al. Physical one-way functions. Science. 2002,297.

Lit. 12. Naccache David, Frémanteau Patrice. Unforgeable identificationdevice, identification device reader and method of identification.EP0583709 1992.

Lit. 13. Roel, Maes. Physically Unclonable Functions: Constructions,Properties and Applications. Place unknown: Arenberg Doctoral School ofScience, Engineering & Technology, 2012.

Lit. 14. Feigelson, Douglas. Creating and using digital currency. US20130166455 6 27, 2013.

REFERENCE SIGNS

1 Alphanumerical identifier

2 Box for filling in the first authorization factor

2A The first authorization factor

3 Box for filling in the digital signature

3A Digital signature

4 Information on the denomination and the currency unit

5 Box for filling in the second authorization factor

5A The second authorization factor

6 Box for filling in the denomination

7 Symbol of digital currency

1. A physical medium of encryption keys for the digital currency toconduct the transfer of encryption keys through the process of issuance,validation and devaluation of the physical medium, such that the mediumis made of a flat plane base body of any shape and compact materials andwith one of its major plane surfaces identified with a uniquealphanumeric identifier (1) and containing applications of protectivefeatures against counterfeiting, with one or both major plane surfaceshaving a box (2) for receiving the first authorization factor (2A)physically encoded and a box (3) for adding the digital signature (3A)physically encoded.
 2. The physical medium of encryption keys fordigital currency according to claim 1, wherein the base body in the formof a flat plane object has the shape of a square, rectangle or circle.3. The physical medium of encryption keys for digital currency accordingto claim 1, wherein said medium is shaped like standard credit cards,coins or banknotes.
 4. The physical medium of encryption keys fordigital currency according to claim 1, wherein said medium bears oneither side information (4) about the denomination and currency unit. 5.The physical medium of encryption keys for digital currency according toclaim 1, wherein the applications of protective features againstcounterfeiting in case of a paper embodiment are security paper withwatermarks or metallic strips, optically variable elements, very finegraphic elements called guilloches, iris colour gradations, colours withUV or IR luminescence, chemically reagent colours.
 6. The physicalmedium of encryption keys for digital currency according to claim 1,wherein the applications of protective features against counterfeitingin case of embodiment in plastic cards are mainly holograms.
 7. Thephysical medium of encryption keys for digital currency according toclaim 1, wherein the applications of the protective features againstcounterfeiting in case of embodiment in metal coins are diffractivesecurity elements (kinegrams) or electronic RFID chips.
 8. The physicalmedium of encryption keys for digital currency according to claim 1,wherein the unique alphanumeric identifier (1) is turned into a securedelement, i.e. recoated with iridescent varnish, punched, or as anoptically variable element.
 9. The physical medium of encryption keysfor digital currency according to claim 1, wherein the box (2) forreceiving the first authorization factor (2A) and the box (3) for addingthe digital signature (3A) form in fact one shared box.
 10. The physicalmedium of encryption keys for digital currency according to claim 1,wherein either of the major plane surfaces bears another box (5) for thesecond authorization factor (5A) in a tamper-evident mode.